Cables2Clouds
Join Chris and Tim as they delve into the Cloud Networking world! The goal of this podcast is to help Network Engineers with their Cloud journey. Follow us on Twitter @Cables2Clouds | Co-Hosts Twitter Handles: Chris - @bgp_mane | Tim - @juangolbez
Cables2Clouds
AutoCon5 and The State of Network Automation in 2026
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
Network automation doesn’t fail because engineers can’t code. It fails because teams can’t turn one-off wins into a repeatable way of operating. We sit down with Scott Robohn of Solutional, co-founder of the Network Automation Forum and one of the people behind Autocon, to unpack why Autocon keeps growing and why a “production-first” mindset changes the entire conversation.
We talk about what makes the Autocon room feel different from traditional tech conferences: a grassroots vibe, a tough selection process that rewards what’s actually running, workshops that go deep, and a culture where it’s safe to share what broke. Scott also highlights a leadership track idea that hits home for working engineers: automation only scales when we can explain outcomes, costs, risk reduction, and why the business should tolerate early stumbles.
Then we get real about AI in NetOps. LLMs can speed up scripting, summarize telemetry, and help teams prototype faster, but that doesn’t magically create maintainable enterprise automation. We dig into the gap between step one and step three, why workflow discipline matters, and how spec-driven development and test-driven development make AI-assisted work safer. We also connect the dots to security automation, SOC versus NOC adoption, and the emerging “security for AI” problem where policy alone is not a control.
If you’re thinking about Autocon 6 in Tucson (November 16 to 20), Scott shares what to expect and how to plug into the community. Subscribe, share this with a teammate who owns change management, and leave a review with your biggest automation hurdle.
Connect with our guest:
Scott's LinkedIn
https://www.linkedin.com/in/scottrobohn/
Network Automation Forum
https://networkautomation.forum/
Solutional
https://solutional.com/
Check out the Monthly Cloud Networking News
https://docs.google.com/document/d/1fkBWCGwXDUX9OfZ9_MvSVup8tJJzJeqrauaE6VPT2b0/
Visit our website and subscribe: https://www.cables2clouds.com/
Follow us on BlueSky: https://bsky.app/profile/cables2clouds.com
Follow us on YouTube: https://www.youtube.com/@cables2clouds/
Follow us on TikTok: https://www.tiktok.com/@cables2clouds
Merch Store: https://store.cables2clouds.com/
Join the Discord Study group: https://artofneteng.com/iaatj
Welcome And Guest Introduction
TimHello and welcome back to another episode of the Cables to Clouds podcast. I am here with both of my co-hosts today, Chris Miles and Katherine McNamara. It's a rare celestial event where all of us could get on the same uh same line. And uh we have a returning guest with us as well, Scott Robohn from Solutional and also the runner, the founder of uh Autocon.
ScottCo-founder, co-founder of Network Automation Forum. Yep.
TimSorry, yes, uh I he which he has no uh corrected me. Um so actually, yeah, yeah. So co-founder of Network Automation Forum and runner? Uh so what's the title? What's the Autocon title that you you've taken for yourself?
ScottYeah, so but Chris Gruneman and I are both the co-founders and the ops team for every one of our events. Um the events are called Autocon, and like all good engineers, we started indexing at zero. So the first event was Autocon Zero, and we just finished Autocon 5 in Munich, Germany a couple weeks ago.
TimAwesome. Awesome. Yeah, no, I I would have loved to have gone to Germany, unfortunately. I could not, but we did send Cisco. I know Cisco did send one of our own uh good friends, uh Francois Khan out there, and he was telling he was raving about how great the event was. Um so yeah, so actually let's just start uh there. I kind of jumped or we kind of jumped the gun and moved around a little bit, but Scott, if you don't mind, introduce yourself for the people who may not have have caught your last the last show we had with you, and then we'll kind of go from there.
ScottSure.
Scott’s Path To Autocon
ScottSo Scott Robon, 35 plus years in the industry as an internet plumber. Um just been super fortunate in the things I've stumbled into in my career. Um, you know, was on the operator side with Bell Atlantic early in my career, spent spent a long time on the vendor side at Juniper Networks and Cisco and Nokia. Um, was itching to do my own consulting work for a very long time and I was a very big chicken about it until about four years ago, where I really started planning um, you know, making the next step and over-communicating with my wife about it. Um, like wicked over-communicating. Hey, this is what I'm thinking. Let's do this. What do you think? Um, and then in January 23, I pulled the plug on corporate employment um and just put my shingle out. Autocons and network automation forum were not part of my strategy. Um, this is a super happy accident, if you will, where having the flexibility running my own consulting business gave me the ability to say, well, let's try this network automation conversation thing. And I I can give you a little bit of that story if that's okay, like to prime the pump here. Yeah, yeah, yeah. Go ahead. So, Chris, Chris Grunman and I didn't like know each other personally. I think we knew about each other. Um, but we've both done things in and around network automation most of our careers. Um, we got introduced through Mutual Friend, and we just started asking what's the holdup with the uh with the resistance to network automation in the TRAD network engineer community, which I definitely put myself in. I, you know, built networks the old-fashioned way and ran BERT tests and all that stuff. And um, we decided to try a little experiment that turned out being Autocon Zero. We said, well, let's get a bunch of people together to start talking about the issues, you know, what what are the technical issues, what are the cultural issues? Guess guess with one wins. The cultural issues carry um much more weight. And we deemed that event a success. We said if we got about 200 people, that would be really good. And we got like 340. Um, and it's gone up, up, up since then. So um that's let me give the mic back. That's kind of the stage for the conversation here.
TimNo, that's great. Um, yeah, because you know, there may be people so so two things. One is uh if you go back into our archives, we actually had a really good uh conversation with Scott about this journey that he made from going from corporate life to running his own uh business. If highly recommend you go back in the archives if you haven't seen it before or heard it before and take a look at that. I think it was last year that we did that. And uh great, great conversation. And then because out of that came, you know, among other things, is Autocon here and great setup for Autocon for those who may not have uh attended or or seen it. Um it's been wildly successful. Uh it's just it's been crazy to to watch from the sidelines and see how much it has exploded uh you know, time over time here.
ScottSo you guys it's awesome to hear other people say that, right, and not think it in my own head because the external view is much more important. Um, I would say fundamentally, we found um a set of unmet needs. Like the reason it's been so successful, like don't get me wrong, it's it's work. And Chris and I have done a lot of work to, you know, if if if this is an oasis, if it's a watering hole, you know, we're here to make sure there's enough chairs for people to kind of sweep the dust and the leaves off the seats, make sure the water's clean, et cetera. Um, and really interesting things just happen when you make um ability for people to come together and talk about the stuff that's been on their mind for a long time anyway, and want help from peers and want to help peers. So that two-way street has been amazing to watch.
What Makes Autocon Different
ChrisYeah. The uh as Tim said, I think the I always hear grand things about Autocon after people end up attending um you're up at what, you just have five, your fifth event, right? So um obviously things are things are going pretty well. Um, you know, maybe for listeners out there, and and you we're talking about, you know, the the the plumbers um that have been around for a while now. We've probably been all attending things like Cisco Live or Nanogs and things like that. Sure. Um in your opinion, I guess what makes this what makes the room feel different at an Autocon event versus one of those one of those structured events?
ScottYeah, I I couldn't have asked for a better starting question. We're very, we're very grassroots. Um every talk that hits the main stage um goes through review by 14 people, our 12-member advisory board and Chris and myself. And we usually give 4x to 5x the number of proposals for talks that we actually have time for. And the way we've structured it now, we have about 30 slots, th about 30 speaking slots in an event. Um and there's a painfully democratic process where, you know, we have to say no thank you to lots of good proposals. Um, so we focus on, you know, what's in production, what are you really doing, or have you tried in your network? We really want to avoid m pure marketing pitches, no, no, no disrespect intended to our good friends who may be part of this discussion today that serve in technical marketing roles. Um we we we want reality, right? And I know we want to talk about how AI is impacting things here, but that focus on what's in production today has been a real kind of anchor point. Um, and and there's a good compare and contrast against okay, new tech that's coming at us, what's just being talked about versus what's been really put into production. That's a an interesting vector, and I know we'll talk about that through the course of the conversation. That's it, those are the talks. Um Kat, go ahead. I don't want to keep talking.
KatherineOh no, no, I I did I thought you were over done. Like, sorry, you continue on and I'll ask my question.
ScottWell, so the only other thing to just pre-pend there, um, because I'm a BGP guy and I like to talk about pre-pending. We also have workshops. So we take a whole week. The first two days are workshops and they're set into uh an array of 16 four-hour workshops, also same selection process, um, and then the three days of content. So the comp the the week itself is two days of workshops and three days of conference.
KatherineI was gonna
Favorite Talks And Leadership Lessons
Katherineask you, so I mean it it's kind of uh unfair to ask you to pick your favorite baby or you know, which one here, but like what was the your favorite thing that you saw out of the last one, like favorite talk or favorite workshop that you thought was just like, you know, clicked for you and thought was inspiring?
ScottYeah. Well, per per your uh your introductory comment there, of course I have no official favorites, but at this moment in time, you know, here here are ones that really hit me. Um and I'm not gonna remember all the details, but uh let me let me throw out um the we wrapped up the last day with a set of lightning talks, you know, 10 minutes, bam, bam, bam. And I should have looked up the gentleman's name before we actually hit record here. But there's one gentleman, I think, from Spain, who actually was talking about firewall um automation and just delivered a rapid fire, like full of content, appropriate level of humor, rapid fire in 10 minutes, and like we couldn't have closed out the event, you know, with a better, you know, take us home um event on that front. Um, so that was really enjoyable. And I would love to talk about this more if we go there, but I want more automation of security content in here. Like, I I think we treat things as silos. I'm kind of a unified field theory guy, and um we can do a lot more coordinating and automating the network and network security together. Um, I think a couple of you can probably speak to that. Um and we'll be looking for proposals for talks uh for our November event. So think about that. Some other um really good ones. Uh, there's a couple of guys from Core Weave who um did a workshop and a talk on modern network observability. Um that's Christian Adele and David Flores. Um, they actually have a book that they put out last year, I think before they actually moved to Core Weave. They're former network to code guys. Um but they they really get what's happening in telemetry, and of course, working in a high pressure environment in the you know GPU neo-cloud space, they they they they have to put the tools to work. Um so they were particularly good. Um the opening keynote um was a a gentleman named Mike, Mike Bouchon, who's currently at Nokia, and um Mike's really good on the all the stuff around the tech. He can go deep on the technology too, but he basically said there isn't just one way to sell network automation projects to your leadership. There's actually four constituencies with four different whys, and there are a whole bunch of biases and manipulation techniques that are used in selling concepts. This is I'm making it sound a lot darker than it really is.
KatherineUm, I that actually makes perfect sense. I I think that like we engineers get very in the weeds with technology, but uh you have to sell it to your leadership to actually like invest in it, be okay with it, you know, be okay with the stumbles that might happen at first. And uh somebody out there t teaching like how to sell that so you know internally to leadership and to for them to give it a chance. Uh it's actually a really great uh talk that you know I think a lot of engineers would love to hear.
ScottI uh you're spot on. And uh because of that dynamic in particular, um at our event in Austin in November 25, we started a leadership track, just a half day, so four or five sessions, particularly on those topics. You know, we still have the general track and the deep tech stuff, um, you know, for people that would want to consume that content, but it's part of the whole story. It's uh it's a really important piece of the puzzle. I'll throw one other um item out there. Um, you know, with the whole impact of AI, uh, we had a gentleman named Ed Dularhu. I'm sure I'm mispronouncing his name, and I apologize, Ed. Um, but he did a workshop on spec driven design. I'm kind of really gloming on to as a way to think about how to use all the tools, AI and otherwise. Again, I'll I'll lift up my I have no official favorites, but those all those all hit me really, really in a good way this past um Outcon 5.
TimOh, that's that's really good. Um actually I really love the idea of uh including the culture stuff because it's something that, you know, unfortunately a lot of the tech, a lot of the vendor tech events, they have like a uh a leadership track, if you will, but it's really just kind of meant for like, hey, you're an IT leader, let me kind of, you know, whatever you want to call it. Let me let me filter you off to the side here so we can kind of uh get you your own version of the tech uh stuff about tech decisions, wouldn't d which which ignores the the piece, like you said, where where engineers need to actually understand how to sell to leadership or just how really just how to communicate really with leadership about what the tech is for, what is the business outcome that's coming out of it. Like there's a lot of translation that's missed there. So it's good to see you guys are um kind of trying to make up that that uh make up that uh difference.
ScottSo I would I I would say on that front too, like that's a personal thing for me that I definitely um intentionally ignored for way too long. I did not want to talk to anybody about accounting for anything, you know, financially. Um I of course wanted my leadership to just understand and just believe us when we say that we need it. And uh, you know, that's really not sufficient. And uh I'm I'm lucky, I'm lucky they didn't hurt me more than it did over the course of my career.
TimSo yeah, absolutely. And you mentioned uh also about spec driven development. Um we had uh we had I think it was Jason Belk we had on uh a few months ago to talk about to talk about spec driven development. So yeah, we're familiar with it now. I wasn't at the time, and yeah, you're right. Like this kind of whole you know, field theory, if you will, uh of building something is is really really interesting.
AI In Network Automation Gets Real
TimUm you mentioned the AI was part of it um at part of the talk. So I I wanted to know, actually, I'm curious because I keep seeing because it's one of those things where you know on LinkedIn and in social media and whatnot, you just it's like AI everything, right? I mean, even our show, because there's so much of it out there, a lot of it ends up on the show because of like news and stuff like that. Um at Autocon, right? So obviously network automation is like you know, inextricably, it's gonna be inextricably linked in some way with AI because they it just makes sense for them to be that way. So, what are you seeing at the Autocon, you know, between maybe the last one and this one? Or or can you draw, I don't know, like a graph, not literally draw a graph, but I mean like in your head, draw a graph of how much AI has started to show up and and also just like how useful, like like is it good, is it good use or is it like just kind of vibe-coded garbage? Or like what do you what do you see in?
ScottSure. So there's a there's an interesting track here from you know, before we started. If you go back to 2023, um, you know, when we had autocon zero, I I can't remember when Chat GPT went public, you know, it was was uh it wasn't far before Autocon Zero.
KatherineIt was 2021, actually. I remember that. Yeah.
ScottSo it was there was momentum and it was starting to take up more oxygen. And even at the start, I wondered are how much are we gonna see in terms of proposed content um, you know, using using chat tools, right? And agentic wasn't in our vocabulary at that time, at least not most people, not not network engineers' vocabulary. Um, and there was almost zero AI-related content right at the start because hadn't been around enough for anything to go into production and the massive hype cycle had really not um gotten in complete gear quite yet. We we've seen, I think, an increasing number of proposals that have AI angles to them because of our strong preference for things that are in production. You know, they don't they haven't been selected because things haven't really hit the network yet. But I would say, like if I if I think back to um Autocon three, which was Prague, so that was May 25, to Autocon 4, Austin, Texas, November 25, to now Autocon 5, um, May 26. There's been a little more each time. And like again, our process is intentionally biased toward keeping things focused on production. But we are seeing seeing people playing more with um what's going on in production. Um and I will point you to uh Lumen, you know, large um internet service provider amalgamation of lots of networks that have been glued together. Um there's a guy near named Greg Freeman who has taken, I think, a really rational approach on a multi-year basis of driving automation and orchestration traditionally with scripts and some low-code, no-code tools, but now also experimenting with, you know, okay, I can st stand up MCPs to get information about circuits, you know, other people's services. I can now use agents to grab status, make decisions and do things in the network. Um, Greg was the closing keynote at Autocon 4, and that's a good one to take a look at to show kind of that slow ramp of we're automation friendly and now we're actually taking very measured steps to see how AI can be useful. Again, I don't have any favorites. I'll I'll say that 17 times before we're done here. But uh that's a really good no, no, it's and it's the no sweat. Um but it is a really good representative example of it's a it's a revenue generating network, right? There it's it's it's not a cost center, it's how they make money. Um, and they're you don't put anything in production. This isn't an AI or an automation uh concept, right? Until you trust it. You know, you've kicked the tires, you've done some okay, what are the problems I'm trying to solve? Bring it in the lab, do a POC, you know, asset what a limited deployment would look like with specific goals to make sure this is really gonna do what I want it to do. Um, I'm not gonna let it loose in the wild until I'm sure that uh this is gonna do enough of what I want it to do. I think that's where we are right now. People are we're moving from, hey, just asking Chad GPT to give me a code snippet to vibe coding, you know, a website or an app, which by the way is great for prototyping and great for enabling people who are not good coders or coders at all. It's just not great for extensible, supportable enterprise software, right? Yeah to things like spec driven development and test-driven development that have a mind of we're building a product that needs to be maintainable and it's going to integrate with another code base. So we're we're seeing all the all the processes around it mature to make sure we're we're doing useful things. I'm I am a uh rational optimist when it comes to this. Like I'm not, you know, let's turn on AI everywhere all the time, but let's see, you know, let's see what pieces of the puzzle we can really attack with different AI mechanisms. And remember, AI isn't one thing, right? Right. Uh so that's yeah, just off the top. That's great.
KatherineI completely agree with you. Just off the top of my head, I can think AI can make even if you're not just like let you know, let AI take the wheel and drive your network, because that could be pretty costly and you know, other issues. You know, things like whipping up a quick script for you for like deploying a net you know enterprise-wide uh you know uh you know, change, uh being able to use it to at you know, take a bunch of aggregated data and sort it out for you in a nice readable format. There's a lot of like uses I could still see it with uh with uh automating your network or automating the analytics you get from your network.
ScottYeah, that's that's a that's a common one, right? You know, you're you're not trying to find a needle in a haystack, you're trying to find a needle in a needle stack. And LLMs are really good at at sorting through data like that.
ChrisSo Yeah. Um I was doing a little bit of research before the show, and I think uh I believe it was Chris uh Grundemann who I think it was back in the I do remember this a bit where I think he ran like a survey talking about the state of network automation. Um and I think the the kind of the tagline of the theme was like why haven't we reached full adoption of network automation at this point? Right. Yep. Um now I guess with this kind of recent paradigm shift of AI in the last you know two years, um I'm curious how how have you seen that kind of speed things up or or not speed them up? Because I'm it in my in my like I mean my opinion, but also my day-to-day, what I've seen is like it it makes it so much easier to at least get started with something in in the realm of automation or you know, prototyping, things like that. And while yeah, I think you're right, in you know, the sense of like vibe coding um may not really get you to the point where you build an enterprise grade application or solution that you can use for something like automation. Um, you can also just plug in like the open APIs that are used by your your vendor stack that you already have in place today and help build something on top of existing documentation. And it kind of like it just snowballs, right? It makes it like so much easier to get started. So I'm wondering if that's like permeating out into what you're seeing in the kind of overall state of things.
ScottI'll give you the short answer first. Yes, slowly, right? It's not it's not and again, you know, for those of us that have been doing this and have operational responsibility for keeping a network up, you're not gonna throw anything out there that you don't trust, right? Um because I don't want Be up at two in the morning. And if I'm up at the two in the morning, it's not gonna be because I want to be on the network, right? Tip of the hat to Chris and him running the state of network automation survey, which he's updated for three or four years running now. Um, and like we've really used the NAF community to drive response rate to get a better set of data. Um pretty sure there'll be an update on that this November at Autocon 6. Um, and there's a couple good recordings of him talking about this, I think both from Austin and he did it at Nanog, I think earlier this year too. So um so you can you can you know hear it from the man who actually pulled all the data together. On on you know, useful AI mechanisms, right? Yeah, you both hit on you know those piece part um things that are still useful. I think the next the next thing to think of is like, okay, what does workflow look like? And what what uh what AI related steps am I integrating into workflows? The B in my bonnet these days is many shops have like abandoned the idea of workflow and are just all trying to f we we solve the same problem over and over again. We don't realize if we capture this, you know, maybe we can routinize it. Um whether it's automated and whether without AI, you know, it's like don't don't spend cycles on trying to you know figure out the same problem. I'm an industrial engineer by education, so that whole focus on process comes very naturally to me. Um it's been like a great circle of life thing where you know stuff I learned and used early in my career, it's like this really applies to running the network too.
TimSo yeah, this um it's an interesting paradigm, right? Because you have so obviously network automation has been around for a while, Ansible, like just all the the different ways we can do it. And that's actually part of why obviously AI uh LLMs have you know the abilities that they have because they've been trained on all of this work that's been done, right? Um, but I've noticed that even in my own, you know, when I'm trying to do something uh with AI, I I I'm like, you know, like you guys, I stop and I think, like, all right, so I've created this thing to solve this problem, but like how could I operationalize this? How could I make this bigger than what it is and not just bigger, but like sturdier, more, you know, enterprise ready. And the the chasm between, you know, depending on where you're starting, right? And what I found is of course, the more you know about the the root subject that you're starting with, the the better you're gonna, the better your output's gonna be every single time, right? All always. Um but then it still feels like there's a chasm to cross. If you started with, hey, I'm gonna start with AI, I'm gonna have it build me a prototype, or help me help me get to a prototype, there's still a uh a large chasm to cross to say, okay, well, now I can take this thing that I've co-created essentially or supervised or however you want to call it, uh, and operationalize it, right? There's there's a there's an un there's like a big, you know, you might as well just call it the cloud or something. Like there's this middle, uh, you know, step one steal in her pants, right? Like, you know, you know, step three profit type of of thing that I think people are, I think a lot of people are struggling with. So, you know, when you see that you're talking, I mean, obviously Autocon favors stuff that's in production. Um, have any of the people who've done their talks, you know, kind of touched on how they went from where they, you know, from step one to step three in the middle there. Is it just kind of like, oh, we just kind of refined it and there it is, you know?
ScottWell, so there's certainly varying levels of detail, but but yeah, we, you know, the the Cartman South Park reference is not lost on this audience. Um, and figuring out what what are the details beneath the question mark of step two? Like one of the things we encourage is, you know, you can talk about your failures. Like, what did you try and it and it failed? Um, and what did you learn from it? Like that's that's like one of the key values of having like very grassroots audience presenting. And we love first-time presenters as well. We'll work with folks that are you know haven't gotten up in front of 600, 700, 800 people before, but not just not be, you know, really reduce the fear level of I I tried this and I really screwed it up, but here's a way to let other people benefit from that. Uh, there was one talk in the last couple of meetings um that was along the lines of, you know, how my first network automation project failed and how it's still doing in production today. So even things that we think are failures can still have utility.
Cutting Through Hype With Process
ScottUm so I I you know, to the to the broader point here of like figuring out how to use all this stuff, I I think I think one of the things that we all need to keep in mind is like we're right in the middle of this cyclone hurricane for the North Carolina contingent here, right? Um, where things are, I don't know how you all feel, but in the course of my almost four decades doing this now, things are moving faster than they've ever moved before, which which means there's a lot of you know self-shielding that you need to do, like to sort through not just marketing hype, but even useful content that may not be you useful to noise. Right. You know, and noise from your particular perspective, you know, coupled with oh, there's a lot of new things that I could try and that might be helpful to me in my role. And so the challenge of figuring, you know, finding the signal and that signal to noise ratio is harder, I think, than it's ever been. I'm gonna push that back to you all. See what do you think? Am I just the the guy with seven grandchildren complaining about this?
ChrisNo, I I I completely agree. I think the thing is, at least from what I see, is it seems like every single person in some capacity, um, which I mean I know social media kind of puts this on a on a display that you wouldn't normally see in your day-to-day life. Yeah, it's curated, but it does feel like everyone, everyone's been given a at least some form of Pandora's box that they've opened themselves. So to your point, everyone is doing something brand new and everything is changing on a regular basis, but everyone's everyone's coming to the table and saying, like, oh, I did this, I did this, and people are doing amazing things, but they're all doing them slightly different. Um, there's not like no one follows frameworks and things like that exactly to a T. Like everyone's fine like slotted in different tools and workflows and back ends and memory stores and things like that to achieve kind of this like thing. And the and and like it could it could literally all change in two weeks because some you know, some foundation model provider comes out with some new new thing to do a certain thing and uh you know blows it all up. So it's uh I do understand what you mean, but you gotta shield yourself because if you're just like if you're just the you know out there in the water, you're just gonna drown.
KatherineI was also gonna say that like um on top of just like individuals deploying these things in production, we also have a lot of vendor noise, a lot of startups and other things coming out at a faster pace, saying that they have the solution for you know the AGNX solution for your network, the AGNX solution for your security. And everyone claims to have the magic fix. And it's just I I I experienced this a little bit going to RSA this year. Like everybody, every you know, there's hundreds of booths, and every single vendor claims to have the solution to your magic, you know, the same problems. And um uh same with the network automation and other things, like every vendor uh we know there was a bit of noise before where like there are a lot of vendors saying we have that magic fix to like automate your network, but it's even worse now because there's more vendors popping up with magic solutions, you know, with AI crammed into it. And it's hard to know what's actually going to be like is this just a marketing pitch? Is this real? Who how many people have actually successfully deployed these these tools or or use the automation? Um and so, like you said, like it's even noisier now than it was before. And it's both on the vendor side and on the individual side.
ScottOne of the things I do in my consulting work is like help organizations develop corporate discipline on proactively looking at new tools in tech that are coming to market and matching that against what are my business problems? And like you helping helping using that to help you filter into all right, these are people I should take a look at. I should go to RSA and spend time at their booth and then really see if I want to bring them in for a POC. I I love what we're doing with Network Automation Forum to complement the more vendor-centric venues. Like, and I'll say this super carefully, right? Like I remember going to Cisco Live in 2000 in Vancouver, BC, when it was still called networkers, by the way, um, and seeing John Chambers talk about IPv6 and IoT, you know, that early on. And like that's amazing and it's a visionary, and it took and it's still taking 20 plus years to come to fruition, right? Right. So there's I I you know, and I and again, uh I spent 18 years at Juniper and and it was the single most formative experience in my career from a technical formation and a leadership formation perspective. And so like I've sat on that side of the aisle and I know like, hey, we think we have really good things we can bring to people. We obviously have our vendor um context and we are motivated by profit and feeding our families, right? So that's all natural. It's good to have other venues, right? Where I can measure that against, all right, what are people doing from an implementation perspective? And NAF helps do that, NanoG helps do that, the local networking user groups from USN UA do that. And like if you take it all together, you could just spend a career going to conferences, which I'm sure we all want to do here, right?
TimThat's that's a good point, actually. There's like a lot of bad food, yeah. A lot of travel, a lot of a lot of food.
KatherineI'd miss home after a while.
TimA lot of opinions, a lot of very strong opinions. Lot of swag, though, a lot of swag.
ScottYou know, so look, t-shirts, man, we all have too many t-shirts, right? Yeah, double. And socks are really interesting, but when you have a size 15 foot, the vendor socks never fit you. Um, but there's some cool stuff out there. Like kudos to the vendors that think creatively about swag.
KatherineSo uh well, I'll try try being a petite female going to a tech uh swag, like every shirt is oversized, it's like a m uh, it's like a dress on me.
ScottYeah, no, I and we actually try to order enough smaller shirts uh appropriate to the number of people that fit your demographic that that join, right? And it's always better to have too many of those. So yeah, no doubt.
Security Automation And AI Risk
ScottCan I can I ask a question again to our friends on the security side of the house? So I have this perception, you know, the sock has been much more amenable to both automation and AI than the knock has been. Because you you you know and have lived, you know, you gotta fight robots with robots. You can't fight robots with humans, it doesn't scale. Do you think that's an accurate statement? If it is, what can the knock learn from what the sock has done here? And if it's not an accurate statement, slay me. Like show me, show me where I'm I'm just jealous.
KatherineNo, I was gonna say, um, I think for monitoring, it's gotten uh a lot better for using like AI and automation because when you look at like like the average um enterprise has anywhere between like 40 to 80 different security vendors, which means there's a crap ton of logs. And if you're looking for like uh an attack chain or some something like that, you can staff your sock to the t you know to the brim with human bodies, but no human body is going to be able to correlate all the data between all that law, those logs, you know, fast enough to catch, you know, catch something uh at the beginning stages. So tools like automation, uh, you know, automating looking for like certain attack vectors, um, uh you know, uh using your SIM uh automation with your SIM, um, AI to kind of like also look for that needle in the haystack. Um it I you know, I I have seen a pretty decent adoption. As far as like automating like changes to like a ton of network, like like security equipment and stuff like that, uh it's it's kind of uh probably more on par with the the uh the knock. I I think that like like very simple like Python scripts and other things like that. Like I I you know, admittedly, I go and uh you know I work in a vendor and I work, you know, talking to a lot of the network and and security side of things. And I've had to help customers like to put like write scripts and stuff like that to do that. So it's not like um, you know, I I don't usually go into a SOC and see a lot of people who are like coding from scratch or anything like that. But like there has been some assistance with AI helping them write Python scripts and stuff like that that I've I think has helped the the uh adoption of uh automation a little bit better from people who are not coders. Um but yeah, like I think it's more used for monitoring and adopt adopted there than it is for actually deploying like huge changes. Um I'd like to see more adoption. Um, and I think we're we're hitting that point where when we're starting to see like big breaches and stuff happen more rapidly because the attackers have no nothing to lose. Like if they use AI to like j vibecode a zero-day uh like a malware like piece of malware or or uh try to attack something, you know, if it fails, it fails, they're not gonna lose business. But if you're not using AI or or automation to detect that and it's happening, and you know, you're you're gonna be at a severe dis disadvantage. And I think that a lot of socks and and security teams have woken up to that. And that's where I've seen the more adoption, the more monitoring side than the actual like deployment side, if that makes sense.
ScottOh, it makes perfect sense.
ChrisProbably probably to add a little bit on there, I think like uh security is a much larger and wider chasm than shirking is, right? So um in in turn, there's a lot more noise and you know uh Catherine just talking about RSA. I think there's a reason why at RSA I saw ten like what felt like 50 booths uh advertising AI socks. I don't think I've ever seen a booth advertising an AI knock, really. You know what I mean? Like um, and I think that just kind of speaks to the noise um and the amount of uh data that those things have to go through. Um yeah, I mean, what uh it it's an interesting question as far as what can the what can the knock learn. I I will say that I've um by choice not worked in a knock for a very long time because I uh uh as soon as I got out of breakfix, I knew I was never going back. Um but um yeah, I think it's just I don't know what you can learn. Uh that's a that is an interesting question. Um I I I mean, uh did but did this come up at Autocon at all, actually. Was this was this kind of a topic? Okay.
ScottSo we've bumped we've bumped up against it. I think we've had uh just not not to endorse products, but a couple Palo Alto related talks over a couple different conferences, largely about automating instantiation of firewall rules, right? So not a gr not a grand scheme, but you know, a starting point.
ChrisUm in terms of automation, I will agree that's probably the most common one that you see. Yeah, yeah, of course.
KatherineI I will say this even if the SOC is faster at adopting it for uh for um security reasons, security doesn't just end and stop at the the SOC. Like we have the network team usually in charge of the firewalls and the network access control. You have the desktop support team in charge of like the EDR, things like that. Um I will say though that like even with uh even if they are faster than you know, adopting it for monitoring than the knock is, um, it's not fast enough. For example, like and this is anecdotal, granted. I I I service uh a few hundred customers, so that's that's the sample size here. Um when I go out to a customer and I ask them what their AI security strategy is like for protecting against rogue AIs and rogue tools, because we you know we live in a world where you know where uh you know somebody can download OpenClaw to their laptop because they want an AI assistant and then open up a bunch of security holes, things like that, or they can utilize like a uh a model that might not be incredibly secure on the internet. Like I know DeepSeek is the one that people like to say is like you know, doom and gloom, but I I I don't actually think that Deep Seek is that terrible compared to other ones that might be rogue out there. And most of the time what I hear from customers, uh like their security team, is we have a written policy that employees have to follow, but they don't actually have security controls or ways to detect like I I've met a couple that have like actually figured out like how to block open claw downloads and things like that. It's not it just malicious inside like people, it's like sometimes people inadvertently trying to do good and opening up security holes uh or trying to use a what they think is a legitimate tool, and then you know, compromising confidentiality. And so like when I when I talk to these folks, they're still behind most most of them. I've had a couple that have like at least put like some DLP and decryption in place, but like most of the time uh they're still somewhat behind uh you know, with how fast things are accelerating. And that's just me having my own worries. Like we we we are even if the SOX adapt uh and security teams are adapting faster than the knock, they're not doing it fast enough for the threats that are out there.
ScottSo I would I would throw this at at you and your customers. Like we're gonna have a call for you know proposals for talks soon. Um you go to networkautomation.forum, you'll see, you'll see the links up in the top. Like submit proposals on this. Um you already heard my rant on the painfully democratic process that you know proposals go through, but I'd love to see I the this is one of those things where even if it's not top of mind for lots of people in the NOC, metaphorically speaking, it's probably good to get some exposure to what's happening in our close sibling tech silos, right? Um, that really shouldn't be silos. So I like I'd encourage anybody listening, you know, be watching for when the call for proposals comes out. I I want to see more more content like this for sure.
KatherineYeah, I would be interested in probably doing something like that, or at least talking through some of the challenges that I've been seeing out there.
ChrisThe door isn't just talking about everything that doesn't work. That's uh we can do that.
ScottWe don't we don't have enough the conference isn't long enough, Chris.
ChrisI was gonna say how much how much time you got. I've broken a lot of stuff, man. You wouldn't have to be.
KatherineBut I do think actually, though, like like what Scott was saying in the beginning, like having those lessons in there also of what didn't work and what you learned from it is also really great. Because in reality, like I think when we before automation was a big thing, I think we all like have had issues where you know, like every single network engineer cuts their teeth, or network admin, whatever, cuts their teeth on breaking something in production. We all do that. And you have to remember that even when you try to automate things, there might be, you know, something you cut, you know, you tested in the lab, looked great, validated, and then you do it in a deployment, uh, do it in production, and everything hits you know hits the wall. But it's good to learn from those lessons and not be scared like you know, like that your whole career is ended because you make one mistake. We've been making mistakes uh as human beings, you know, along our career all along the way. You learn from that mistake, you you you grow from it, you learn from other people's mistakes also, grow from it and uh and you get better over time.
ChrisYeah. One thing that um I I want to bring up, it's not completely on topic with what we were talking about, but what one thing that relates to kind of, I think what I've seen anyway, um in security automation um uh on that topic is the I guess the the kind of security for AI versus AI for security conversations. The security for AI is also rapidly evolving to the point where we have this kind of injection of even products that are just acting as AI gateways, which is basically just like proxies that that sit in front of um AI models, but like all those rules are actually being written in natural language and the and the way they process things is in written in natural language and it runs on top of GPUs. Like, how the hell do you automate that? How do you automate building rules that are written in natural language? We're used we're too used to you know working with JSON and in structured data, right? And it's like uh like it's just a it's just an absolute mess pot. So yeah, I think that would be um to your point, Scott, I think that would be a very interesting topic for for someone to speak on. For sure.
TimYeah. I mean, Catherine did a great uh security for AI talk at Cisco Live would probably fit right in.
ScottBut anyway, I I I I I didn't want to call that out specifically, but I did catch that and your recognition for it. Nice job, Kat.
KatherineOh, yeah, thanks. Uh I it was basically a vendor neutral one, just talking about how AI mod like secure AI security itself, like the models themselves, are very easily manipulated. Most of the time when I go out to customers and I ask, like I I said like before, like I go out to customers and I ask what their policy is to protect you know security for AI. And use usually it's we have a written policy. And I'm like, wait, no, here's some of the things you really should be why you should be locking down what AI is used or authorized and not from more than just a layer eight issue or layer eight perspective. And I my talk was all just showing me hacking various LMs.
TimYeah, screw very cool. Um okay, so uh we're running out of time. I
Autocon 6 Tucson Details
Timdo want to talk, uh you you've mentioned it several times. Let's talk about the next autocon for just a few minutes because uh I know I know it's coming in November.
ScottSo November 16th through the 20th, Tucson, Arizona. Um, we have our mascot, Nafi. Nafi is a cat, and we we've got Nafi all suited up in some desert hiking gear. So uh that's already out there. You can you can check Nafy out on that front.
TimImportant part button first. That's right.
ScottThat's right. Um the the cacti in in the the Tucson area. I there's a word saguaro cacti or something like that. They're impressive. Like, and don't don't come just to see the cacti, but come to see the cacti. Um those are the giant ones, right?
TimThose are the ones that are like super, super tall. Yeah, yeah.
ScottWith like with the with the arms. Like I remember what was Snoopy's brother in the desert. Um, or you know, I remember those peanuts cartoons with Snoopy's cousin out there, but um, yeah, the the the La Paloma Weston Resort, um, it's it's gonna be great. There's so much space for the hallway track, people sitting around talking, like so much happens outside of the workshops and the conference talks. It's just as important as the content. And we want to make sure there's lots of space for people to do that. Red stuff will be opening soon. Um, calls for proposals. Keep an eye on networkomation.forum um slash autocon six will get you right to that event page. You can also join our Slack. You can get there from the networkautomation.forum homepage. You uh our Slack is wide open. You do not have to have attended an event or have spent any money on anything with us. Come on in, um, you know, check out the temperature of the water and see where you want to plug in.
Closing Plugs And Final Thoughts
TimNice, very cool. Okay. Uh no, that's great, man. I'm glad uh glad you could join us. I'm glad we could have this conversation. Uh obviously we're we're out of time, so I'll have to wrap up, even though we could probably have there's a lot more to talk about. We'll have to have you back. Um thanks for thanks for joining us today. Any closing thoughts?
ScottNo, look, I'm I'm super honored to have to be on with all of you. I didn't know I would get to be with all three of you today, so thank you for that. Um, I'll just do a little plug for Total Network Operations. That's my podcast where I really focus on what's happening in NetOps, broader than automation and AI and all the things. But the one question I ask every guest on that show, uh, Kat, for your comments is what's the worst network outage you've ever caused? That's the uh the closing question. So you all think about that for when I actually have you on the show. So sounds great.
ChrisUh loaded, don't worry.
ScottI'm already ready. Most people don't have trouble um coming up. It's it's a matter of picking, okay, which one am I comfortable disclosing? So yeah, exactly.
TimAll right, everybody. Well, thanks for joining us today. Uh, if you liked what you heard or saw, uh, please give us a like, follow, subscribe, buy the uh buy the home game, and uh give Scott a follow. We'll make sure all his uh contact info, home phone number, everything is in the show notes. All of it. And uh we'll catch you on the next episode. Take it